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Period for Reply 

A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTH(S) FROM 
THE MAILING DATE OF THIS COMMUNICATION. 

- Extensions of time may be available under the provisions of 37 CFR 1 .136(a). In no event, however, may a reply be timely filed 
after SIX (6) MONTHS from the mailing date of this communication. 

- If the period for reply specified above is less than thirty (30) days, a reply within the statutory minimum of thirty (30) days will be considered timely. 

- If NO period for reply is specified above, the maximum statutory period will apply and will expire SIX (6) MONTHS from the mailing date of this communication. 

- Failure to reply within the set or extended period for reply will, by statute, cause the application to become ABANDONED (35 U.S.C. § 1 33). 
Any reply received by the Office later than three months after the mailing date of this communication, even if timely filed, may reduce any 
earned patent term adjustment. See 37 CFR 1.704(b). 

Status 

1 )Q Responsive to communication(s) filed on . 

2a)S This action is FINAL. 2b)Q This action is non-final. 

3) D Since this application is in condition for allowance except for formal matters, prosecution as to the merits is 

closed in accordance with the practice under Ex parte Quayle, 1935 CD. 1 1 , 453 O.G. 213. 

Disposition of Claims 

4) ^ Claim(s) 1-22 is/are pending in the application. 

4a) Of the above claim(s) is/are withdrawn from consideration. 

5) D Claim(s) is/are allowed. 

6) ^ Claim(s) 1-22 is/are rejected. 

7) D Claim(s) is/are objected to. 

8) D Claim(s) are subject to restriction and/or election requirement. 

Application Papers 

9) Q The specification is objected to by the Examiner. 

10) D The drawing(s) filed on is/are: a)D accepted or b)D objected to by the Examiner. 

Applicant may not request that any objection to the drawing(s) be held in abeyance. See 37 CFR 1 .85(a). 
Replacement drawing sheet(s) including the correction is required if the drawing(s) is objected to. See 37 CFR 1.121(d). 

1 1) D The oath or declaration is objected to by the Examiner. Note the attached Office Action or form PTO-152. 

Priority under 35 U.S.C. § 119 

12) D Acknowledgment is made of a claim for foreign priority under 35 U.S.C. § 1 19(a)-(d) or (f). 
a)D All b)Q Some * c)Q None of: 

1 .□ Certified copies of the priority documents have been received. 

2.D Certified copies of the priority documents have been received in Application No. . 



3.Q Copies of the certified copies of the priority documents have been received in this National Stage 
application from the International Bureau (PCT Rule 17.2(a)). 
See the attached detailed Office action for a list of the certified copies not received. 



Attachment(s) 

1 ) □ Notice of References Cited (PTO-892) 

2) CD Notice of Draftsperson's Patent Drawing Review (PTO-948) 

3) □ Information Disclosure Statement(s) (PTO-1449 or PTO/SB/08) 

Paper No(s)/Mail Date . 



4) □ Interview Summary (PTO-413) 
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5) □ Notice of Informal Patent Application (PTO-152) 
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DETAILED ACTION 
Claim Rejections - 35 USC § 102 

1 . The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the 
basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(e) the invention was described in (1) an application for patent, published under section 122(b), by another filed 
in the United States before the invention by the applicant for patent or (2) a patent granted on an application for 
patent by another filed in the United States before the invention by the applicant for patent, except that an 
international application filed under the treaty defined in section 351(a) shall have the effects for purposes of this 
subsection of an application filed in the United States only if the international application designated the United 
States and was published under Article 21(2) of such treaty in the English language. 

2. Claims 1-22 are rejected under 35 U.S.C. 102(e) as being anticipated by Segal. 

3. As per claim 1, Segal discloses method of scanning a communication received at a 
firewall for target content(see col. 2, lines 51-54, col. 3, lines 26-32), wherein the communication 
is directed to one of a set of computer nodes connected to the firewall(see col. 2, lines 58-67, col. 
3, lines 1-12), maintaining on the firewall a scanning module configured to scan communications 
received at the firewall(see col 3, lines 35-45); maintaining a set of criteria for determining 
when one of the communications may be scanned at a computer node connected to the firewall 
instead of at the firewall(see col. 2, lines 60-67, col. 3, lines 1-15); partitioning responsibility for 
scanning the communications between the firewall and a first computer node connected to the 
firewall(see col. 2, lines 60-67, col. 3, lines 1-15, col. 4, lines 20-26); receiving a first 
communication is intended for the first computer node(see col. 2, lines 60-67, col. 3, lines 1-15); 
identifying one or more attributes of the first communication(see col. 2, lines 60-67, col. 3, lines 
1-15); determining from the criteria and the attributes whether to scan and the first 
communication for target content on the firewall(see col. 3, lines 1-15); determining from the 
criteria and the attributes whether the first computer node is configured to scan the first 
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communication for the target content(see col. 3, lines 1-15); and forwarding the first 
communication to the first computer node; wherein the first computer node receives and scans 
the communication for target confent(see col. 3, lines 1-15, 26-33). 

4. As per claim 2, Segal discloses receiving a second communication at the firewall, 
wherein the second communication is intended for a second computer node(see col. 2, lines 60- 
67, col. 3, lines 1-15); identifying one or more attributes of the second communication(see col. 2, 
lines 60-67; determining from the criteria and the attributes of the second communication 
whether the second computer node is permitted to scan the second communication for 
predetermined content(see col 2, lines 60-67, col. 3, lines 1-15); scanning the second 
communication at the firewall for the predetermined content(see col. 3, lines 1-15); and 
forwarding the second communication to the second computer node(see col. 2, lines 60-67, col. 
3, lines 1-15); wherein the second computer node receives but does not scan the second 
communication for the predetermined content(see col. 3, lines 1-15). 

5. As per claim 3, Segal discloses marking the second communication before the forwarding 
to the second computer node(see col. 3 lines 1-7). 

6. As per claim 4, Segal discloses receiving scanning capabilities of a first computer node 
connected to the firewall(see col. 3, lines 1-6); consulting a set of scanning requirements 
specified by an operator of the firewall(see col. 2, lines 60-67, col. 3, lines 12-15); and 
specifying a set of criteria to identify when communication may be scanned for target content by 
the first computer node(see col. 3, lines 1-15). 

7. As per claim 5, Segal discloses wherein the partitioning further includes receiving a set of 
proposed criteria from the first computer node(see col. 3, lines 1-15). 
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8. As per claim 6, limitations have already been addressed(see claim 1). 

9. As per claim 7, limitations have already been addressed(see claims 1-2). Further, claim 
7, is rejected for a virus scanner, inherently discloses a virus scanner a firewall that filters and 
scans data(see col. 3, lines 35-45) . 

10. As per claim 8, Segal discloses a first subset of firewall rules for application by the 
firewall to determine how to handle the communication(see col. 2, lines 60-67, col. 3, lines 12- 
15); and a second subset of proxy rules for application by a proxy operating on the firewall to 
determine how to handle the communication(see col. 3, lines 1-15). 

11. As per claim 9, Segal discloses a first subset of scanning rules for determining when the 
communication may be scanned for target content by a destination node of the communication 
instead of the firewall(see col. 3, lines 1-15); a second subset of scanning rules for determining 
when the communication is to be scanned on the destination node and not on the firewall(see col. 
3, lines 1-15, 30-45). 

12. As per claim 10, Segal discloses negotiating between the firewall and the first node to 
define the first subset of scanning rules(see col. 3, lines 1-15). 

13. As per claim 11, Segal discloses receiving the second subset of scanning rules from a 
firewall administrator(see col. 2, lines 60-67). 

14. As per claim 12, Segal discloses establishing a secure connection between the firewall 
and the first node; receiving at the firewall a proposed set of criteria for determining when a first 
node shall scan a communication instead of the firewall; and determining whether the proposed 
set of criteria conflicts with the second subset of scanning rules(see col. 3, lines 1-15). 
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15. As per claim 13, Segal discloses negotiating further includes providing the first subset of 
scanning rules to the first node(see col 3, lines 1-15). 

16. As per claim 14, Segal discloses negotiating further includes sending an updated version 
of the second virus scanner to the first node(see col. 2, lines 51-67, col. 3, lines 1-15). 

17. As per claim 15, Segal discloses negotiating is performed after the second virus scanner 
is configured on the first node by a user(see col. 3, lines 1-15). 

18. As per claim 16, Segal discloses wherein the negotiating is performed after the first node 
is rebooted(see col. 4, lines 20-26). 

19. As per claim 17, it is rejected under the same basis as claim 1. 

20. As per claim 18, Segal discloses a first indicator configured to indicate whether a first 
communication scanning module is installed on a firewall(see col. 3, lines 30-45); a second 
indicator configured to indicate whether a second communication scanning module is installed 
on a destination node a communication received at the firewall(see col. 4, lines 1-20); and a set 
of criteria to be applied to the communication to determine if the communication is to be scanned 
for target content at the firewall or at the destination node(see col. 2, lines 60-67), wherein the 
second indicator and the set of criteria are configured during a negotiation process between the 
firewall and the destination node(see col. 2, lines 60-67). 

21. As per claim 19, Segal discloses a firewall configured to receive a communication from 
an external entity for a first node connected to the firewall(see col. 3, lines 1-15), a first proxy 
module configured to establish a connection to the external entity(see col. 2, lines 60-67, col. 3, 
lines 1-15); a first scanning module configured to scan the communication for target content(see 
col. 3, lines 1-15); and a set of rules configured to determine whether the communication is to be 
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scanned for the target content on the firewall or on the first node(see col. 2, lines 60-67); and a 
first computer node connected to the firewall includes a second scanning modules(see col. 3, 
lines 1-15), wherein the first computer node negotiates with the firewall to configure a first 
subset of the rules to identify when the first computer node shall scan the communication rather 
than the firewall(see col. 2, lines 60-67, col. 3, lines 1-15); wherein a measurement of 
performance of the firewall is increased as a result of the first node scanning one or more 
communications rather than the firewall(see col. 3, lines 1-15) . 

22. As per claim 20, Segal discloses includes a negotiation module to negotiate with the 
firewall on behalf of multiple scanning modules, including the second scanning module(see col. 
3, lines 1-15). 

23. As per claim 21, Segal discloses wherein the firewall includes a negotiation module to 
negotiate with the first node on behalf of multiple proxies, including the first proxy module(see 
col. 2, lines 51-67). 

24. As per claim 22, Segal discloses a first set of criteria to be applied for all nodes connected 
to the firewall and all communications received at the firewall to determine if a first 
communication received at the firewall for a first destination node connected to the firewall may 
be scanned for target content by the first destination node rather than the firewall(see col. 2, lines 
60-67, col. 3, lines 1-15); and a second set of criteria to be applied for a subset of all 
communications to determine if the first communication may be scanned for the target content 
by the second destination node rather than the firewall(see col. 2, lines 60-67, col. 3, lines 1-15); 
wherein the second set of criteria are applied by the first proxy module and the subset of all 
communications includes communications formatted according to a predetermined 
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communication protocol; and wherein the first set of criteria is applied prior to the second set of 
criteria(see col. 2, lines 60-67, col. 3, lines 1-15). 

Response to Amendment 

25. The Applicant states that Segal does not disclose maintaining a set of criteria for 
determining when one of the communications may be scanned at a computer node connected to 
the firewall instead of at the firewall. The Examiner disagrees with the Applicant. Segal 
discloses that each firewall includes a shared list that includes a plurality of nodes and a set of 
access privileges for each listed node(see col. 2, lines 60-67), thus Segal does disclose 
maintaining a set of criteria. Further, Segal discloses determining when one of the 
communications may be scanned at a computer node connected to the firewall instead of at the 
firewall, because Segal discloses an example such as node Bl is a computer or LAN at an 
accounting firm, the firm(node Bl) may want to restrict the nodes from which it receives or 
transmits E-mail or other certain types of transmissions. The firm(node Bl) wishes to receive e- 
mail only form its clients Zl, Y2, and X4 all of which are nodes on the network. Node(Bl) 
would instruct node(45) which is a firewall to provide that shared list. Thus, Segal discloses that 
the node and the firewall communicate to determine which transmissions are to be transmitted. 

26. The Applicant states that Segal does not disclose a virus scanner. Segal inherently 
discloses a virus scanner, because Segal discloses a firewall that filters and scans data(see col. 3, 
lines 35-45). 
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Final Action 

27. THIS ACTION IS MADE FINAL, Applicant is reminded of the extension of time 
policy as set forth in 37 CFR 1.136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within TWO 
MONTHS of the mailing date of this final action and the advisory action is not mailed until after 
the end of the THREE-MONTH shortened statutory period, then the shortened statutory period 
will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 
CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, 
however, will the statutory period for reply expire later than SIX MONTHS from the mailing 
date of this final action. 

Conclusion 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Jenise E Jackson whose telephone number is (703) 306-0426. 
The examiner can normally be reached on M-Th (6:00 a.m. - 3:30 p.m.) alternate Friday's. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Ayaz Sheikh can be reached on (703) 305-9648. The fax phone numbers for the 
organization where this application or proceeding is assigned are (703) 872-9306 for regular 
communications and (703) 308-6306 for After Final communications. 
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Any inquiry of a general nature or relating to the status of this application or proceeding 
should be directed to the receptionist whose telephone number is (703) 305-3900. 




*** 



Apri113 ' 2004 fkr^aU^ 

AYAZ SHEIKH 
SUPERVISORY PATENT EXAMINER 
TECHNOLOGY CENTER 2100 



